On Fri, Mar 14, 2014 at 04:52:03PM +0100, Pavel Reichl wrote:
On Fri, 2014-03-14 at 11:21 -0400, Stephen Gallagher wrote:
[snip]
>
>
> Recommended rephrasing:
>
> NOTE: The value of this option must be at least as large as the
> highest user RID planned for use on the Active Directory server. User
> lookups and login will fail for any user whose RID is greater than
> this value.
>
> For example, if your most recently-added Active Directory user has
> objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107,
> <quote>ldap_idmap_range_size</quote> must be at least 1107.
>
> It is important to plan ahead for future expansion, as changing this
> value will result in changing all of the ID mappings on the system,
> leading to users with different local IDs than they previously had.
Thank you Stephen for your prompt response and valuable input.
New patch with recommended rephrasing is attached.
As Stephen has reminded me on IRC, he can't formally ack this patch as he
was involved in crafting the error message.
That said, the change looks good to me.
ACK